Smart Homes & Security: Weighing the Vulnerabilities and Benefits of a Smart Home

While smart home technology brings an unprecedented comfort and convenience to millions of homes all over the country, many of us continue to wonder about the security risks introduced by bringing these technologies into our homes. To be very clear, these concerns are completely legitimate, and asking questions—being skeptical—is the best first step you can possibly take to secure your home. By installing internet connected devices such as smart thermostats, smart lights, hubs, locks, A/V systems and more, you are essentially creating additional vectors, additional pathways into your home. And the more pathways, the higher the vulnerability, the higher your exposure. The higher the vulnerability, the greater the potential risk. Or so we might think.

But perhaps our greatest enemy when it comes to securing our homes is a lack of clarity. This fuzziness and uncertainty about security risks creates a frenzy of anxiety and confusion and unfounded rumors. Unfortunately, the true dangers are lost in that frenzy and not given proper attention. So, in an effort to clarify the facts and dispel the myths, the following short series will review what the greatest security risks are, how those risks can be mitigated, who is at risk and what it is that you can do about it. As you read, please note that we value your input. If you feel there is a glaring issue we haven’t addressed, let us know so that we can focus on it in future articles!

One of the greatest concerns when it comes to smart homes is “hacking”—today’s most misunderstood and overutilized buzzword. Many people believe hackers exploit the vulnerabilities that exist within the victim’s actual system, be it a camera or a lock, which may be true in some cases. But there is a far more common and more concerning kind of hacking. In fact, very few hackers actually break the system directly. According to a 2017 Verizon Data Breach Investigations Report, an estimated 81 percent of hacking breaches were the result of weak or stolen passwords. And over 90 percent of breaches were due to phishing attacks, a term you’ve no doubt heard ad nauseum from your IT guy. Those strange emails from seemingly innocuous sources that turn out to be malicious, or those that look like they are from a friend’s email address and contain an attachment—those should be your concern. These attachments can install malicious software on your computer, malware that can then be used to leverage passwords and compromise countless accounts. Some of those emails even directly ask you for your password. Note: A legitimate company will never ask you to provide passwords or personal information via email. And if you open a link and are directed to a site that asks you for personal information, glance at the URL to make sure you’re in the right place. All this to say that hacking has grown much more sophisticated than exploiting vulnerabilities in your systems. The weak link is not your network, it is actually you.

When it comes to your security, we recommend securing the most basic and essential components first. That means secure passwords, two-factor authentication, password-protected WiFi networks, wariness of unusual emails, keeping your computer and other IoT devices updated with the latest security patches and anti-virus software. You should never be providing your password to anything—to anyone. Ever. Be it the password to your email, your bank account, your login for smart devices… Just don’t give it to anyone. Don’t use easy-to-guess passwords, use different passwords for different websites, update them frequently and be highly suspicious of any emails that request any personal information. And when those annoying pop-ups reminding you to update your computer or phone appear on your screen, do not click “remind me tomorrow” indefinitely. The purpose of those updates is to patch up newfound vulnerabilities. Meaning that if you do not update, a known vulnerability is still lurking, making you susceptible to malicious attack.

With a smart home, your phone is probably the most important thing to protect. It can control everything from your bathroom light to your burglar alarm to the heating in your baby’s room. Your phone is the key to your entire house, so secure it. Use complex password protection (and for crying out loud stop using your birthdate or the word password or your name), encryption, fingerprint locks etc. If your phone is stolen or lost, be prepared to wipe it remotely, change your passwords and touch base with your installer to make sure you’ve properly secured your smart home.

In next week’s installment of Smart Homes & Security, we’ll explore another common concern for homeowners considering automation: the physical security of your home. Smart locks, sensors and cameras all introduce new risks… but are those risks greater than those that exist with keys and “old-fashioned” locks? And do the benefits outweigh or mitigate those risks heavily enough to make a smart home worth it? Spoiler alert: They probably do.

By Efraim & Dvorah Vaynman

Efraim Vaynman owns a home-automation company, Automated Abode, dedicated to making smart homes accessible, affordable and efficient. Contact him at [email protected] or 973-619-9915. See his website at www.automatedabode.com.